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SECURITY MAINTENANCE UTILITY 


Preface 


This manual instructs the system administrator in the purpose and operation of the 
SPERRY UNIVAC Operating System/3 (OS/3) Security Maintenance Utility. This utility 
allows you to control access to the interactive facilities of your system. The manual is 
arranged into the following sections: 


Section 1. introduction 


This section introduces you to the security maintenance utility, its operation and 
purpose, and the nature of the user and execution profiles it creates. 


Section 2. Using the Security Maintenance Utility 

This section describes how you use the security maintenance utility, the dialog 
through which it interfaces with you, and system generation requirements for 
interactive security. 


Section 3. Sample Security Maintenance Utility Session 


This section shows the security maintenance utility being used to create a user profile 
and an execution profile. 
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1. Introduction 


1.1. PURPOSE OF THE SECURITY MAINTENANCE UTILITY 


The security maintenance utility lets you, the system administrator, control access to the 
interactive facilities of your system through security information you place in the system 
security file (SY$SEC). By assigning identification to each system user, you determine 
exactly who is able to make use of your system. 


In addition to providing security, the security maintenance utility enables you to account 
for computer time used by interactive system users, and it provides an automatic method 
of executing predefined sets of interactive commands when your users log on. (In this 
manual, we use the term your users to identify the operators, programmers, and others 
you authorize to use the interactive facilities of your system.) 


1.2. OVERVIEW OF THE SECURITY MAINTENANCE UTILITY 


Before entering into a description of how you use the security maintenance utility, let’s 
briefly discuss its operation, define some of the terms you run into while using it, and 
remark upon the security information it manipulates. 


The security maintenance utility performs its tasks by creating two types of profiles — user 
and execution profiles. A user profile contains security and accounting information and 
execution profile names. An execution profile contains the execution profile name and 
commands for automatic execution at logon. You decide what to include in each of these 
profiles. How you, through a dialog with the security maintenance utility, build these 
profiles is described in 2.2. 
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1.2.1. User Profiles 





The security maintenance utility prevents anyone from logging on to your system unless 
he provides proper identification. That is, a user-id which matches one contained in a user 
profile. A user profile consists of a user-id (which also serves as the name of the user 
profile) and, optionally, a password, one or more account numbers, and one or more 
execution profile names. As the system administrator, you create and assign user-ids, 
passwords, account numbers, and execution profile names for each of your users. The 
following criteria are used when establishing these items in a user profiles: 


7 User-id 
A 1- to 6-alphanumeric-character string that identifies the user to the system. 
7 Password 


A 1- to 6-alphanumeric-character string that, with the user-id, controls the user’s 
access to the system. 


i] Account Number 


A 1- to 8-alphanumeric-character string that identifies the account to be charged for 
computer time. You may include more than one account numbers in a user profile. 


. Execution Profile Name 





A 1- to 8-alphanumeric-character name specifying an execution profile. This name 
identifies the series of commands to be executed automatically after your user has 
successfully logged on. You may include more than one execution profile names ina user 
profile. 


NOTE: 


When we refer to alphanumeric characters in this manual, we mean only the characters 
A—Z and O—9. You may not use special characters, such as commas, dollar signs, and 
periods. 


1.2.2. Execution Profiles 


An execution profile consists of an execution profile name and the commands to be 
automatically executed when your user has successfully logged on. The execution profile 
name is placed in the user profile serving as a pointer to the execution profile containing 
the commands to be executed. A user profile may have several execution profiles 
associated with it, and an execution profile name may be listed in several different user 
profiles. Figure 1-1 shows the relationship between user and execution profiles. 
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USER-ID = PAULM USER-ID = FRANKW 






‘PASSWORD = SECRET PASSWORD = A65BCD 






ACCT NUMBER = 2378901 ACCT NUMBER = 16784529 






EXEC PROFILE = EDITING EXEC PROFILE = EDITING 








EXEC PROFILE = INQUIRY EXEC PROFILE = PAYROLL 


EXEC PROFILE = ACCOUNTS 














INQUIRY 
(commands) 






ACCOUNTS 
(commands) 


EDITING 
(commands) 


PAYROLL 
(commands) 


Figure 1—1. Relationship of User and Execution Profiles 


1.2.3. Your User and the Security Maintenance Utility 


Your user has no control over, or access to, the security maintenance utility. However, its 
operation does affect his use of your system. 


When your user attempts to logon, a prompt on the workstation screen requests his user- 
id, password, and account number. His responses to these queries are compared to the 
contents of the user profiles. If a match is found, your user is logged on. If no match is 
found, the user is notified via the screen that his response is invalid. The user can then try 
again. If the user cannot successfully logon within three attempts, the system removes the 
logon prompt and blanks out the workstation screen. 


To gain access to the system, your user must enter the exact identification information 
that is in his user profile. If you did not assign him a password or account number, he 
must leave these blank on the workstation screen. If you assigned him multiple account 
numbers, he need enter only one of them. Any one of his account numbers will be 
accepted. 


At logon time, a prompt on the workstation screen also gives your user the opportunity to 
enter the name of an execution profile. If he enters the name of an execution profile that 
you have assigned him, the series of commands in that profile is executed automatically. 


As the system administrator, you have the option of assigning a default execution profile. 
In this case, the commands in the default profile are automatically executed if your user 
does not specify an execution profile name at logon. 
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NOTE: & 


If a user has no default execution profile and he does not specify a choice at logon, no 
series of commands is executed automatically. The user is logged on, however, and has 
access to your system. 





1.2.4. Security Information 


Security information, such as passwords and account numbers, is contained in the system 
security file (SYSSEC) in disguised form. This is done to prevent unauthorized access to 
security information. The commands entered in the execution profile are not disguised. 
The names of the user and execution profiles are also not disguised, so that you can 
determine which profiles are residing in $Y$SEC. 


NOTE: 


The system security file (SYSSEC) is automatically allocated by the security maintenance 
utility. If, for some reason, you want to allocate this file manually, you must allocate it as a 
MIRAM file. 


1.2.5. Introduction to the Security Maintenance Utility Dialog 


The security maintenance utility operates through a dialog between you and the system. 
The dialog requests information, beginning with the type of operation, and continuing 
through specific requests for passwords, account numbers, and execution profile 
information. When you complete the dialog, you have built a user or execution profile, 
ready for use and stored in the system security file. 





The dialog also prompts you to perform such functions as deleting user or execution 
profiles, displaying the contents of the security file, and terminating the security 
maintenance utility session when you have finished. 


Figure 1-2 is a flowchart showing the paths taken by the security maintenance utility 
dialog as it helps you create user and execution profiles. Refer to it as you read the 
Sections 2 and 3 of this manual describing the dialog and how you use it. 
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2. Using the Security Maintenance 
Utility 


2.1. SYSTEM GENERATION REQUIREMENTS OF THE SECURITY MAINTENANCE 
UTILITY 


To have interactive security, you must enter two parameters during the supervisor 
generation (SUPGEN) phase of system generation. The two parameters (ISLOGONSC and 
ISADMID) provide interactive security and control access to the security maintenance 
utility itself. 


2.1.1. Providing Interactive Security 


To have interactive security, enter the following keyword with YES as its associated 
parameter: 


aes ors 


2.1.2. Controlling Access to the Security Maintenance Utility 


Now that you have interactive security, you must be able to control it. To do this, you 
define (at SUPGEN time) a special logon user-id that identifies you as the system 
administrator. In this manner only you can access the system security file and only you 
can add or delete other user names from that file. Your special user-id is entered through 
the following SUPGEN keyword parameter: 


ISADMID=administratorid 


The administratorid may be from one to six alphanumeric characters long. 
NOTE: 


If you enter YES with the ISLOGONSC parameter, but enter no id with the [SADMID 
parameter, security is enforced, but no one can log onto the system. The security 
maintenance utility is inaccessible; therefore, you can’t make any entries into the security 
tile. With nothing in the security file, no user-id is acceptable to the system. In this event, 
the SUPGEN phase of system generation must be redone. You must enter an id with 
ISADMID if you provide interactive security. 
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2.2. SECURITY MAINTENANCE UTILITY DIALOG 





2.2.1. General 


All operations of the security maintenance utility are performed via a dialog. We discuss 
the use of the dialog from start to finish with explanations and examples as needed. We 
look at each dialog step as it is presented to you on your workstation screen, but with an 
alteration for clarity. The dialog requests appear on the screen one following another, with 
no break between; the screen does not clear after each dialog request is answered. We 
show each dialog step on a separate screen. 


To respond to a dialog request, enter your response immediately following the start-of- 
entry character ([>) on the line immediately below the last line of the dialog request. Then, 
press the transmit key to send your response to the system. Some of the dialog requests 
ask for information that is optional; examples of this are requests for passwords and 
account numbers. If you do not want to enter any data in response to these requests, 
simply press the transmit key, and your null response will be sent to the system. 


The following example shows how to respond to a dialog request. The dialog request 
shown asks for an optional piece of data, an account number: 





ENTER AN ACCOUNT NUMBER FOR USER-1D PAULM 


> 





> To answer this request with an account number, enter the account number immediately 
following the start-of-entry character. The cursor will be positioned at that point: 


ENTER AN ACCOUNT NUMBER FOR USER-ID PAULM 


>3468 





—> To answer this request without an account number, just press the transmit key. 
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2.2.2. Initializing the Security Maintenance Utility 

To use the security maintenance utility dialog, first log onto the system, using the special 
user-id you defined during SUPGEN with the ISADMID parameter. After your LOGON 
command has been accepted, enter the following interactive command to initialize the 
security maintenance utility: 


SMU 


NOTE: 


You may use the security maintenance utility only from a workstation or terminal acting as 
a workstation. You may not use it from the system console. 


Do not enter any parameters with the SMU command. The command will be rejected if 
you do. If you log on under a user-id other than the one specified at SUPGEN, the 
command will be rejected, and the following error message displayed: 


1S47 COMMAND NOT PERMITTED FOR USER-ID 


After you have initialized the security maintenance utility, the first dialog request is 
displayed. 


NOTE: 

The first time you use the security maintenance utility, it operates in a way slightly 
different from the description that follows. For detailed information on the initial use of the 
security maintenance utility, refer to 2.2.8. 


2.2.3. Operation Type Dialog Request 


The following screen shows the first dialog request, the operation type dialog request: 


ENTER THE TYPE OF OPERATION TO BE PERFORMED: 
ADD AN OBJECT 
DELETE AN OBJECT 


LIST OBJECTS 
TERMINATE 
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This is the first dialog request produced by the security maintenance utility dialog. You are 
asked to choose the type of operation. The term object refers to either a user or execution 
profile. You may use the security maintenance utility either to ADD user or execution 
profiles to the system security file or DELETE them. You can also obtain a LIST of the 
names of user and execution profiles present in the security file. When you finish with the 
security maintenance utility, you may enter the fourth choice of this request, TERMINATE, 
to end your session. To respond to this dialog request, enter the number of your choice of 
operation: 1, 2, 3, or 4. 





NOTE: 


If you want to make any changes to an existing user or execution profile, you must delete 
the entire profile and rebuild it with your new changes. 


If you enter a response other than 1, 2, 3, or 4, the following message is displayed, and 
the operation type dialog request is redisplayed: 


1845 REPLY REJECTED - SPECIFIED VALUE OUT OF RANGE 


The following is an example of the operation type dialog request, with a response 
specifying that an object is to be added to the security file: 





ENTER THE TYPE OF OPERATION TO BE PERFORMED: 
ADD AN OBJECT 
DELETE AN OBJECT 


LIST OBJECTS 
TERMINATE 





2.2.4. Object Type Dialog Request 


The following screen shows the second dialog request, the object type dialog request: 


DELETED 


ENTER THE TYPE OF OBJECT TO BE (ADDED 
LISTED 


1. USER PROFILE 
2. EXECUTION PROFILE 
3. CONTENTS OF FILE 
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This dialog request asks you to identify the type of object. The first line is determined by 
your response to the operation type request; your response to that determines whether 
ADDED, DELETED, or LISTED appears in the first line. If you are going to either add or 
delete an object, the fourth line of the request is not displayed, as it only concerns listing 
profiles. 


If you are going to either add or delete an object, specify whether it is a user or execution 
profile by entering either 1 or 2. If you specified LIST in the operation type dialog request, 
the fourth line of the screen is displayed. If you choose 1 (USER PROFILE), only the names 
of user profiles are displayed. If you choose 2 (EXECUTION PROFILE), only the names of 
execution profiles are displayed. If you choose 3 (CONTENTS OF FILE), both user and 
execution profile names are displayed. If you enter a response other than the numbers 1, 
2, or 3, error message IS45 is displayed, as it is when you enter an incorrect response to 
the operation type dialog request. The object type dialog request is then redisplayed. 


The following is an example of the object type dialog request, with a response indicating 
that we want to add a user profile to the security file: 


ENTER THE TYPE OF OBJECT TO BE ADDED: 
1. USER PROFILE 


2. EXECUTION PROFILE 
Dl 





If you specified a listing of profiles in the security file, you are finished with the dialog. 
You'll receive a display of the names and types of profiles depending on your response to 
the object type dialog request. 


The following is a display produced by responding to the object type dialog request with 
the third option, CONTENTS OF FILE. Both user and execution profile names are displayed. 
User profiles are preceded by the letters UP; execution profiles are preceded by the letters 
EP: 


EP-EDITING UP-FRANKW UP-PAULM EP-PAYROLL 


UP-PAY238 EP-PENSION EP-UNEMPL 
1883 FSTATUS FINISHED, 96007 ELEMENTS WERE DISPLAYED 





On the third line of the screen, you'll notice that message !S83 is displayed. Your response 
of LIST OBJECTS to the first dialog request initiates an FSTATUS interactive command for 
the security file. Your response of USER PROFILE, EXECUTION PROFILE, or CONTENTS OF 
FILE to the object type dialog request provides the necessary information for the system to 
execute the FSTATUS command. 
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2.2.5. Object Name Dialog Request & 


The following screen shows the third dialog request, the object name dialog request: 


EXECUTION PROFILE DELETED 


ENTER THE NAME OF THEJUSER PROFILE ye a ee | 





This dialog request asks you for the name of the user or execution profile. If you are 
adding a profile, you must create a new name and enter it in the system. If you are 
deleting a profile, you must enter the name of the profile to be deleted. To respond, enter 
the name for the user or execution profile. 


If you enter a name longer than the six or eight characters allowed for user or execution 
profile names or enter a name containing invalid characters, the following error message 
is displayed. The object name dialog request is then redisplayed. 


1$5@ AJUSER PROFILE MUST BE 1 TO {6} ALPHANUMERIC CHARS 
EXECUTION PROFILE 8 


The exact wording of the error message depends on the type of profile it concerns. 





The following is an example of the object name dialog request, with a response naming 
the user profile PAULM. (Remember that the name of the user profile is also the user-id.) 


ENTER THE NAME OF THE USER PROFILE TO BE ADDED 


D>PAULM 





2.2.6. Completing the User Profile 


At this point, the dialog branches in several directions, according to the entries you have 
made up to now. 


if you have indicated that you want to de/ete either a user or execution profile, you have 
completed your work with the dialog. The profile is deleted, and the operation type dialog 
request is redisplayed. If the delete operation is unsuccessful, the following error message 
is displayed, and then the operation type dialog request is redisplayed. 


1$69 DELETE OPERATION REJECTED ________ NOT FOUND 





(The underlines are replaced by the name of the profile unable to be deleted.) 


UP-8823 Rev. 1 SPERRY UNIVAC 0S/3 2-7 


SECURITY MAINTENANCE UTILITY 


If you have indicated that you want to add a user profile to the security file, a group of 
dialog requests is displayed to obtain further information. These dialog requests are 
discussed in 2.2.6.1 through 2.2.6.3. 


If you have indicated that you want to add an execution profile to the security file, another 
set of dialog requests is displayed. These are described in 2.2.7. 


2.2.6.1. Password Dialog Request 


The following screen shows the password dialog request: 


ENTER THE PASSWORD ASSOCIATED WITH USER-ID 


> 





This dialog request asks for a password for the user profile identified by the user-id. You 
respond by entering a password or, if you do not want a password, by pressing the 
transmit key. If you enter a password longer than six characters, or one containing an 
invalid character, the following error message is displayed, and the password dialog 
request is redisplayed: 


1$58 A PASSWORD MUST BE 1 TO 6 ALPHANUMERIC CHARS 


The following is an example of the password dialog request for the user profile PAULM, 
with a password, SECRET, in response: 


ENTER THE PASSWORD ASSOCIATED WITH USER-ID PAULM 


DSECRET 





2.2.6.2. Account Number Dialog Request 


The following screen shows the account number dialog request: 


ENTER AN ACCOUNT NUMBER FOR USER-1ID 


> 
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This dialog request asks for an account number for the user profile identified by the user- 
id. You respond by entering an account number or, if you don’t want an account number, 


by pressing the transmit key. 


If you enter an account number longer than eight characters, or one containing an invalid 
character, the following error message is displayed, and the account number request is 


redisplayed: 


1$58 A ACCOUNT NUMBER MUST BE 1 TO 8 ALPHANUMERIC CHARS 


The following is an example of the account number dialog request for the user profile 
PAULM, with an account number, 45672987, in response: 


ENTER AN ACCOUNT NUMBER FOR USER-1D PAULM 


45672987 





If you do not enter an account number, the dialog proceeds to request an execution profile 
name. If you do enter an account number, the following dialog request is displayed, asking 
you for more account numbers. A user profile may contain as many account numbers as 


you need. 





MORE ACCOUNT NUMBERS? (DEPRESS TRANSMIT OR ENTER ACCT-NO) 
b> 





lf you have another account number, enter it. If you enter an account number, the dialog 
request is redisplayed, allowing you to continue entering account numbers. If you press 
the transmit key, the dialog proceeds to request an execution profile name. 


2.2.6.3. Execution Profile Name Dialog Request 


The following screen shows the execution profile dialog request: 


EXECUTION PROFILE NAME REQUIRED FOR 


(DEPRESS TRANSMIT OR ENTER EXECUTION PROFILE NAME) 





> 
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@ This dialog request asks for the name of an execution profile that you want associated 
with the user profile being built. The name of the user profile appears where there are 
underlines in this dialog request. To respond, enter an execution profile name, or, if you 
don't want an execution profile, press the transmit key. If you enter an execution profile 
name longer than eight characters, or one containing an invalid character, the following 
error message is displayed, and the execution profile name dialog request is redisplayed: 


1850 A EXECUTION PROFILE NAME MUST BE 1 TO 8 ALPHANUMERIC CHARS 


The following is an example of the execution profile name dialog request for the user 
profile PAULM, with an execution profile name, EDITING, in response: 


EXECUTION PROFILE NAME REQUIRED FOR PAULM ? 


(DEPRESS TRANSMIT OR ENTER EXECUTION PROFILE NAME) 
DEDITING 





If you enter an execution profile name, the following dialog request is displayed, asking 
you if you want to enter more execution profile names. A user profile can contain as many 
@ execution profile names as you need. 


MORE EXEC PROF NAMES? (DEPRESS TRANSMIT OR ENTER NEXT NAME) 
> 





If you want more execution profile names, enter them as you did the first one. After each 
name, the request for more is redisplayed. After you have entered the last execution 
profile name, press the transmit key when the request is redisplayed. The following dialog 
request is then displayed: 


ENTER THE NAME OF THE DEFAULT EXEC. PROF. NAME FOR LOGON: 


> 





This dialog request asks for the name of the default execution profile for the user profile 
being built. Enter a default execution profile name or, if you don’t want a default execution 
@ profile, press the transmit key. 





—_— 
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This dialog request completes the building of a user profile. After you respond to this 
request, the first dialog request (the operation type dialog request) is redisplayed. You may 
then add another object to the security file, delete an object, or list the contents of the file 
to make certain the profile you just completed has been entered. You may also end your 
session with the security maintenance utility by entering TERMINATE. 





2.2.7. Completing the Execution Profile: Command Dialog Request 

In 2.2.6, we said that the dialog branched to allow you to build either a user or execution 
profile. This subsection deals with the dialog requests displayed when you want to add an 
execution profile to the system security file. 


The following screen shows the command dialog request: 


ENTER A COMMAND TO BE EXECUTED FOR PROFILE 


> 





This dialog request asks you to enter an interactive services command, with any necessary 
parameters, to be automatically executed when a user specifies this execution profile at eS 
LOGON. You may only use one line of the screen to enter the command; the security 
maintenance utility does not accept the continuation character or commands greater than 

one line in length. 


If you enter a command longer than one line, the following error message is displayed, 
and the command request is redisplayed: 


1$58 A COMMAND MUST BE 1 TO 88 ALPHANUMERIC CHARS 


When you have entered a valid response, the following request is displayed: 


MORE COMMANDS? (DEPRESS TRANSMIT OR ENTER COMMAND) 


> 
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This dialog request solicits another command to be entered in the execution profile. To 
respond, enter a command or, if you don’t want any more commands, press the transmit 
key. After you enter each command, the request is redisplayed. When you enter the last 
command, press the transmit key. This concludes this portion of the dialog and causes the 
first dialog request (the operation type request) to be displayed. At this time, as at the 
conclusion of the user profile portion of the dialog, you may add other profiles to the 
security file, delete profiles, list the contents of the security file, or end your security 
maintenance utility session. 


2.2.8. Initial Use of the Security Maintenance Utility 


The sequence of dialog requests is somewhat different during the initial use of the 
security maintenance utility. The first time you log on under the security administrator's 
user-id and enter SMU, the following message is displayed: 


1$76 SECURITY ADMINISTRATOR'S USER-ID IS NOT IN $Y$SEC 


Immediately after the message, the password dialog request for the security 
administrator’s user-id is displayed. The dialog continues from this point, prompting you to 
create a user profile for the security administrator’s user-id. After you do this, the utility 
operates in the normal sequence, beginning with the operation type dialog request. This 
difference in sequence occurs because the security administrator's user-id is not initially 
located in the system security file (SY$SEC). Building a user profile associated with the 
security administrator’s user-id causes it to be placed in the system security file. 
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3. Sample Security Maintenance 
Utility Session 


3.1. GENERAL 


In this section, we present a typical session using the security maintenance utility. Here 
we'll create a user profile and a simple execution profile to go with it. 


We've divided the session into four parts; after each part we'll explain the requests and 
responses shown. 


3.2. SAMPLE SECURITY MAINTENANCE UTILITY SESSION 


3.2.1. Part 1: Object and Operation Type Dialog Requests 


The following 10 lines show the beginning of this security maintenance utility session: 


1. ENTER THE TYPE OF OPERATION TO BE PERFORMED: 
2. ADD AN OBJECT 

3. DELETE AN OBJECT 

4. LIST OBJECTS 

5. TERMINATE 

6. Dl 

7. ENTER THE TYPE OF OBJECT TO BE ADDED: 

8. 1. USER PROFILE 

9. 2. EXECUTION PROFILE 

10. D1 





In part 1, we respond to the first two dialog requests of the security maintenance utility. 
On line 6 we respond that we want to add an object to the system security file; on line 10 
we respond that the object we want to add is to be a user profile. 








UP-8823 Rev. 1 SPERRY UNIVAC OS/3 3-2 
SECURITY MAINTENANCE UTILITY 


3.2.2. Part 2: Creating the User Profile 


The following 23 lines show the steps we take to create the user profile we specified in 
part 1: 


1. ENTER THE NAME OF THE USER PROFILE TO BE ADDED 

2. >PAY238 

3. ENTER THE PASSWORD ASSOCIATED WITH USER-I1D PAY238 

4. DER123 

5. ENTER AN ACCOUNT NUMBER FOR USER-ID PAY238 

6. DPAY34 

7. MORE ACCOUNT NUMBERS? (DEPRESS TRANSMIT OR ENTER ACCT- 

8. DPAY37 

9. MORE ACCOUNT NUMBERS? (DEPRESS TRANSMIT OR ENTER ACCT- 

18. DPAYS1 

11. MORE ACCOUNT NUMBERS? (DEPRESS TRANSMIT OR ENTER ACCT- 

12. > 

13. EXECUTION PROFILE NAME REQUIRED FOR PAY238? 

14. (DEPRESS TRANSMIT OR ENTER EXECUTION PROFILE NAME) 

15. D>PAYROLL 

16. MORE EXEC PROF NAMES? (DEPRESS TRANSMIT OR ENTER NEXT NAME) 
17. DPENSION 

18. MORE EXEC PROF NAMES? (DEPRESS TRANSMIT OR ENTER NEXT NAME) 
19. DUNEMPL 

26. MORE EXEC PROF NAMES? (DEPRESS TRANSMIT OR ENTER NEXT NAME) 
21. > 

22. ENTER THE NAME OF THE DEFAULT EXEC. PROF. NAME FOR LOGON: 

23. > 





In part 2, we create the user profile, beginning with line 2, where we name the user profile 
PAY238. In line 4, we respond to the dialog request for a password by entering ER123. In 
line 6, we enter the first account number, PAY34, that we want to place in the profile. Line 
7 asks if we want to add more account numbers; and, in line 8, we add PAY37. We add 
another account number, PAY51, in line 10. These different account numbers could be 
assigned to different personnel, different departments, or different activities within a 
department. Because we have added all the account numbers we want, we respond to line 
11 by pressing the transmit key. In line 15, we begin to add execution profile names to the 
profile, the first being PAYROLL. We enter two more execution profile names on lines 17 
and 19, PENSION and UNEMPL. These execution profiles could start programs to calculate 
pension benefits, produce an accounting of unemployment compensation paid over the last 
year, or any program we devise. 
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We complete the sequence of entering execution profile names by responding to line 20; 
we do this by pressing the transmit key. 


We complete the user profile by specifying that we don’t want a default execution profile 
for the user profile. 
3.2.3. Part 3: Creating an Execution Profile 


The following 16 lines show the creation of an execution profile to be associated with user 
profile PAY238: 


1. ENTER THE TYPE OF OPERATION TO BE PERFORMED: 

2. ADD AN OBJECT 

3. DELETE AN OBJECT 

4. LIST OBJECTS 

5. TERMINATE 

6. Dl 

7. ENTER THE TYPE OF OBJECT TO BE ADDED 

8. 1. USER PROFILE 

9. 2. EXECUTION PROFILE 

18. D2 

11. ENTER THE NAME OF THE EXECUTION PROFILE TO BE ADDED 
12. D> PAYROLL 

13. ENTER A COMMAND TO BE EXECUTED FOR PROFILE PAYROLL 

14. DRV PAYJOB 

15. MORE COMMANDS? (DEPRESS TRANSMIT OR ENTER COMMAND) 
16. > 





In part 3, we create an execution profile. In part 2, we specified the names of three 
execution profiles to be associated with user profile PAY238. Now we are going to 
complete one of the three execution profiles, PAYROLL. Lines 1 through 10 repeat the 
dialog requests you saw in part 1. You will respond to these requests every time you 
perform a security maintenance utility function. In line 6, we indicate that we want to add 
an object; in line 10 we indicate that the object is an execution profile. Because the 
execution profile itself is a different record in the security file from the user profile, we 
must enter the name of the execution profile again. The name is entered on line 12, 
PAYROLL. We enter the first command for PAYROLL on line 14, RV PAYJOB. This is the 
only command in this execution profile; therefore, when we are asked for more commands 
on line 15, we respond by pressing the transmit key. 


The other two execution profiles we specified for PAY238 are created in the same way. To 
simplify this sample session, we won't show them. 
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3.2.4. Part 4: Concluding the Session 





The following six lines show the conclusion of this sample security maintenance utility 
session: 


ENTER THE TYPE OF OPERATION TO BE PERFORMED: 
ADD AN OBJECT 
DELETE AN OBJECT 


LIST OBJECTS 
TERMINATE 


na om fF Ww HR 





This concludes the security maintenance utility session. We have finished creating the user 
and execution profiles we want to add to the system security file. This time, when the 
operation type dialog request screen is displayed, we choose option 4. Our security 
maintenance utility session is now finished. 

















Cut along line. 
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